Certbot: Difference between revisions

Certbot is the program by Let's Encrypt to manage your SSL certificates.

Install

See https://certbot.eff.org/instructions

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare

Usage

See Managing Certificates

# List certificates
sudo certbot certificates

# Install a certificate
sudo certbot --apache -d wiki.davidl.me

# Generate a certificate without install
sudo certbot certonly --apache -d wiki.davidl.me

# Renew all certificates
sudo certbot renew

# Revoke a certificate
sudo certbot revoke --cert-name example.com

# Delete a certificate
sudo certbot delete --cert-name example.com

Wildcard Certificates

LetsEncrypt requires dns challenges for wildcard certificates. This means you'll need to input your dns information and us a compatible dns for auto-renewals.

Fill out dns creditials in ~/.secrets/certbot/cloudflare.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <apikey>

# Generate a wildcard certificate
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me

Internal Services

Certbot allows you to use a DNS challenge to update your IP. So set an A record to your local IP and do the DNS challenge instead of the HTTP challenge.